[Snort-users] Using suppress and syntax
Shawn.Jefferson at ...14448...
Wed May 19 17:49:16 EDT 2010
I'm doing this and it works:
suppress gen_id 1, sig_id 2009955, track by_dst, ip [172.16.1.120,172.16.1.121]
with Snort v.188.8.131.52
and I tested your suppress line and it worked for me as well (snort -T), no error message.
From: Bill Pickens [mailto:wmpickens at ...11827...]
Sent: Wednesday, May 19, 2010 1:39 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Using suppress and syntax
I want to suppress a rule for a number of servers.
Can I do that?
I tried this an it gives me a parsing error:
suppress gen_id 1, sig_id 469, track by_dst, ip [10.106.88.29,10.102.128.1,10.103.128.2,172.17.17.150]
What would be the proper syntax for the the last line show here:
var ENT_DNS_SERVERS [10.101.1.1,10.103.1.2,10.105.3.4]
var LOCAL_DNS_SERVERS [184.108.40.206,220.127.116.11,18.104.22.168]
var DNS_SERVERS [$ENT_DNS_SERVERS,$LOCAL_DNS_SERVERS] <--- is this correct? snort doesn't complain
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users